Re: WoSign new system passed Cure 53 system security audit

2017-07-11 Thread Richard Wang via dev-security-policy
Hi all, Your reported BR issues are from StartCom, not WoSign, we don't use the new system to issue any certificate now since the new root is not generated. PLEASE DO NOT mix it, thanks. Best Regards, Richard > On 11 Jul 2017, at 23:34, Ryan Sleevi via dev-security-policy >

Re: WoSign new system passed Cure 53 system security audit

2017-07-11 Thread Ryan Sleevi via dev-security-policy
On Tue, Jul 11, 2017 at 12:09 PM, Percy via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Tuesday, July 11, 2017 at 8:36:33 AM UTC-7, Ryan Sleevi wrote: > > > comply with the Baseline Requirements, nor, as designed, can it. The > system > > would need to undergo

Re: WoSign new system passed Cure 53 system security audit

2017-07-11 Thread Ryan Sleevi via dev-security-policy
On Tue, Jul 11, 2017 at 11:40 AM, Alex Gaynor wrote: > Is this a correct summary: > > - The report included here is supposed to fulfill the network security > test portion of the BRs > No. This is #5 from https://bugzilla.mozilla.org/show_bug.cgi?id=1311824 , and relates to

Re: WoSign new system passed Cure 53 system security audit

2017-07-11 Thread Alex Gaynor via dev-security-policy
Is this a correct summary: - The report included here is supposed to fulfill the network security test portion of the BRs - This report does not attest to BR compliance (or non-compliance) - To complete an application for the Mozilla Root Program, WoSign would be required to additionally provide

Re: WoSign new system passed Cure 53 system security audit

2017-07-11 Thread Ryan Sleevi via dev-security-policy
On Tue, Jul 11, 2017 at 11:16 AM, Jonathan Rudenberg via dev-security-policy wrote: > > > On Jul 11, 2017, at 06:53, okaphone.elektronika--- via > dev-security-policy wrote: > > > > On Monday, 10 July 2017 08:55:38

Re: WoSign new system passed Cure 53 system security audit

2017-07-11 Thread Percy via dev-security-policy
On Tuesday, July 11, 2017 at 8:16:50 AM UTC-7, Jonathan Rudenberg wrote: > > On Jul 11, 2017, at 06:53, okaphone.elektronika--- via dev-security-policy > > wrote: > > > > On Monday, 10 July 2017 08:55:38 UTC+2, Richard Wang wrote: > >> > >> Please note

Re: WoSign new system passed Cure 53 system security audit

2017-07-11 Thread Jonathan Rudenberg via dev-security-policy
> On Jul 11, 2017, at 06:53, okaphone.elektronika--- via dev-security-policy > wrote: > > On Monday, 10 July 2017 08:55:38 UTC+2, Richard Wang wrote: >> >> Please note this email topic is just for releasing the news that WoSign new >> system passed the

Re: How long to resolve unaudited unconstrained intermediates?

2017-07-11 Thread Nick Lamb via dev-security-policy
On Tuesday, 11 July 2017 10:56:43 UTC+1, Kurt Roeckx wrote: > > So at least some of them have been notified more than 3 months ago, and > a bug was filed a month later. I think you already gave them too much > time to at least respond to it, and suggest that you send a new email > indicating

Re: WoSign new system passed Cure 53 system security audit

2017-07-11 Thread okaphone.elektronika--- via dev-security-policy
On Monday, 10 July 2017 08:55:38 UTC+2, Richard Wang wrote: > > Please note this email topic is just for releasing the news that WoSign new > system passed the security audit, just for demonstration that we finished > item 5: > " 5. Provide auditor[3] attestation that a full security audit of

Re: How long to resolve unaudited unconstrained intermediates?

2017-07-11 Thread Kurt Roeckx via dev-security-policy
On 2017-07-10 18:35, Alex Gaynor wrote: Hi all, I wanted to call some attention to a few intermediates which have been hanging out in the "Audit required" section for quite a while: https://crt.sh/mozilla-disclosures#disclosureincomplete Specifically, the TurkTrust and Firmaprofesional ones.